
GitHub Gatelet introduces support for the GitHub CLI


Article ID: 256977


Updated On:

Products

CASB Advanced Threat Protection, CASB Audit, CASB Gateway, CASB Gateway Advanced, CASB Security Advanced, CASB Security Advanced IAAS, CASB Security Premium, CASB Security Premium IAAS, CASB Security Standard, CASB Securlet IAAS, CASB Securlet SAAS, CASB Securlet SAAS With DLP-CDS

Issue/Introduction

CASB version 3.154 released limited support for the GitHub CLI.

Resolution

The CASB techdoc describes which GitHub activities are supported via the GitHub CLI and which are supported only via the web.

The following are known limitations:

  • Git needs to be configured to use the Windows certificate store (git config --global http.sslbackend schannel).
  • Filenames are not available for upload/download events; repository names are available instead.
  • Access Enforcement policy doesn't work well for Session-Auth because the client caches tokens, but it does work for upload/download activities.
  • Cloud Service username is not available and falls back to the CloudSOC user.
  • DLP scan doesn't work for most scenarios because upload/download traffic is encrypted.

OA Pair Details

  • OA Pair – Session-Auth
    • Login:
      • Command: gh auth login --with-token < token.txt
        • User Name not available
      • Command: gh auth login
    • Logout:
      • Command: gh auth logout
    • Display Auth info:
      • Command: gh auth status
        • Since the traffic for this command matches login/logout, performing this activity also generates a Session-Auth OA.

 

  • OA Pair – File/Folder Download
    • Gist Clone:
      • Command: gh gist clone 11c2b67be809909adcdb5c9cbbac59d5
      • Command: gh gist clone
    • Repo Clone:
      • Command: gh repo clone Owner/repo
    • Git pull: file/folder download
      • Command: git pull
    • git clone:
    • git fetch:
      • Command: git fetch --all
    • gh repo sync: Download
      • Command: gh repo sync (keep a new file in the github.com repo, then do the sync)
  • OA Pair – File-Upload
    • Gist Create:
      • Command: gh gist create --public hello.py
      • Command: gh gist create hello.py -d "my Hello-World program in Python"
      • Command: gh gist create hello.py world.py cool.txt
  • OA Pair – File/Folder-Upload
    • Git Push: file/folder upload verify it must
      • Command: git push